<?php
/*
+-----------------------------------------------------------------------------+
| $Id: *.php 2009-08-18 08:41:22Z Bleakwind $
| Copyright (c) 2003-2010 Bleakwind (www.weaverdream.com)
| http://www.weaverdream.com/
+-----------------------------------------------------------------------------+
*/

if (!defined( 'ENTRY_INDEX')){
    echo "<h1>Forbidden</h1><p>You don't have permission to access on this server.</p>";
    exit;
}

$setting_attach['length']       = $CONFIG['max_post_attach_length'];
$setting_attach['size']         = $CONFIG['max_post_attach_size'];
$setting_attach['type']         = $CONFIG['max_post_attach_type'];
$setting_attach['brief_length'] = $CONFIG['max_post_attach_brief_length'];
$setting_attach['number']       = $CONFIG['max_post_attach_number'];
$setting_attach['dir']          = date("Y")."/".date("Ym")."/".date("Ymd")."/";

if( !preg_match("/^[1-9][0-9]{0,10}$/i",$sys->get['topic_id']) ){
    $sys->prompt("failed",$LANGUAGE['s']['reply']['topic_id_error']."<!-- topic_id error -->");
} elseif( $sys->get['ope'] == "quote" && !preg_match("/^[1-9][0-9]{0,10}$/i",$sys->get['post_id']) ){
    $sys->prompt("failed",$LANGUAGE['s']['reply']['quote_post_id_error']."<!-- quote_post_id_error -->");
} else {
    $sql = "SELECT topic.*,

                icon_topic.filename as icon_filename,

                post.id as post_id,
                post.topic_id as post_topic_id,
                post.content as post_content,
                post.quote_id as post_quote_id,
                post.quote_path as post_quote_path,
                post.post_mid as post_post_mid,
                post.post_musername as post_post_musername,
                post.post_ip as post_post_ip,
                post.post_time as post_post_time,
                post.modify_mid as post_modify_mid,
                post.modify_musername as post_modify_musername,
                post.modify_ip as post_modify_ip,
                post.modify_time as post_modify_time,
                post.if_face as post_if_face,
                post.if_bbcode as post_if_bbcode,
                post.if_url as post_if_url,
                post.if_html as post_if_html,
                post.floor as post_floor,
                post.rank as post_rank,

                channel.id as channel_id,
                channel.name as channel_name,

                member.id as m_id,
                member.username as m_username,
                member.email as m_email,
                member.card as m_card,
                member.mg_type as m_mg_type,
                member.mg_type_expired as m_mg_type_expired,
                member.silver as m_silver,
                member.point as m_point,
                member.bonus as m_bonus,
                member.pile1 as m_pile1,
                member.pile2 as m_pile2,
                member.pile3 as m_pile3,
                member.pile4 as m_pile4,
                member.pile5 as m_pile5,
                member.pile6 as m_pile6,
                member.time_created as m_time_created,
                member.time_lastvisit as m_time_lastvisit,
                member.cumulant_silver as m_cumulant_silver,
                member.cumulant_offer as m_cumulant_offer,
                member.cumulant_online as m_cumulant_online,

                member_detail.mid as md_mid,
                member_detail.realname as md_realname,
                member_detail.gender as md_gender,
                member_detail.birthday as md_birthday,
                member_detail.address as md_address,
                member_detail.postalcode as md_postalcode,
                member_detail.telephone as md_telephone,
                member_detail.mobile as md_mobile,
                member_detail.avatar_type as md_avatar_type,
                member_detail.avatar_value as md_avatar_value,
                member_detail.website as md_website,
                member_detail.gtalk as md_gtalk,
                member_detail.msn as md_msn,
                member_detail.icq as md_icq,
                member_detail.qq as md_qq,
                member_detail.yahoo as md_yahoo,
                member_detail.bio as md_bio,
                member_detail.sign as md_sign,
                member_detail.last_post as md_last_post,
                member_detail.total_topic as md_total_topic,
                member_detail.total_reply as md_total_reply,
                member_detail.total_elite as md_total_elite,
                member_detail.remark as md_remark,

                member_group.mg_id,
                member_group.mg_name

            FROM ".DB_TABLE_TOPIC." topic
                LEFT JOIN ".DB_TABLE_POST." post ON post.id=topic.post_pid
                LEFT JOIN ".DB_TABLE_ICON_TOPIC." icon_topic ON icon_topic.id=topic.icon
                LEFT JOIN ".DB_TABLE_CHANNEL." channel ON channel.id=topic.channel_id
                LEFT JOIN ".DB_TABLE_MEMBER." member ON member.id=post.post_mid
                LEFT JOIN ".DB_TABLE_MEMBER_DETAIL." member_detail ON member_detail.mid=member.id
                LEFT JOIN ".DB_TABLE_MEMBER_GROUP." member_group ON member_group.mg_type=member.mg_type
                    AND (member_group.mg_point_begin<=member.point || member_group.mg_point_begin IS NULL)
                    AND (member_group.mg_point_end>=member.point || member_group.mg_point_end IS NULL)
            WHERE topic.id=".$sys->get['topic_id']."";
    $result = &$db->Execute($sql);
    if (!$result) {
        echo $db->ErrorMsg();
    } else {
        if (!$result->EOF) {
            $topic_info = array(
                'id'                        => $result->fields['id'],
                'channel_id'                => $result->fields['channel_id'],
                'icon'                      => $result->fields['icon'],
                'subject'                   => $result->fields['subject'],
                'subject_len'               => mb_strwidth($result->fields['subject'],"UTF-8"),
                'post_mid'                  => $result->fields['post_mid'],
                'post_musername'            => $result->fields['post_musername'],
                'post_ip'                   => $result->fields['post_ip'],
                'post_time'                 => $result->fields['post_time'],
                'post_pid'                  => $result->fields['post_pid'],
                'number_reply'              => $result->fields['number_reply'],
                'number_click'              => $result->fields['number_click'],
                'last_mid'                  => $result->fields['last_mid'],
                'last_musername'            => $result->fields['last_musername'],
                'last_time'                 => $result->fields['last_time'],
                'last_pid'                  => $result->fields['last_pid'],
                'style_color'               => $result->fields['style_color'],
                'style_fontstyle'           => $result->fields['style_fontstyle'],
                'style_decoration'          => $result->fields['style_decoration'],
                'style_begin'               => $result->fields['style_begin'],
                'style_end'                 => $result->fields['style_end'],
                'if_elite'                  => $result->fields['if_elite'],
                'if_elite_begin'            => $result->fields['if_elite_begin'],
                'if_elite_end'              => $result->fields['if_elite_end'],
                'if_top'                    => $result->fields['if_top'],
                'if_top_begin'              => $result->fields['if_top_begin'],
                'if_top_end'                => $result->fields['if_top_end'],
                'if_close'                  => $result->fields['if_close'],
                'if_close_begin'            => $result->fields['if_close_begin'],
                'if_close_end'              => $result->fields['if_close_end'],
                'if_move'                   => $result->fields['if_move'],
                'if_move_id'                => $result->fields['if_move_id'],
                'if_del'                    => $result->fields['if_del'],
                'rank'                      => $result->fields['rank'],

                'icon_filename'             => $result->fields['icon_filename'],

                'post_id'                   => $result->fields['post_id'],
                'post_topic_id'             => $result->fields['post_topic_id'],
                'post_content'              => $result->fields['post_content'],
                'post_quote_id'             => $result->fields['post_quote_id'],
                'post_quote_path'           => $result->fields['post_quote_path'],
                'post_post_mid'             => $result->fields['post_post_mid'],
                'post_post_musername'       => $result->fields['post_post_musername'],
                'post_post_ip'              => $result->fields['post_post_ip'],
                'post_post_time'            => $result->fields['post_post_time'],
                'post_modify_mid'           => $result->fields['post_modify_mid'],
                'post_modify_musername'     => $result->fields['post_modify_musername'],
                'post_modify_ip'            => $result->fields['post_modify_ip'],
                'post_modify_time'          => $result->fields['post_modify_time'],
                'post_if_face'              => $result->fields['post_if_face'],
                'post_if_bbcode'            => $result->fields['post_if_bbcode'],
                'post_if_url'               => $result->fields['post_if_url'],
                'post_if_html'              => $result->fields['post_if_html'],
                'post_floor'                => $result->fields['post_floor'],
                'post_rank'                 => $result->fields['post_rank'],

                'channel_id'                => $result->fields['channel_id'],
                'channel_name'              => $result->fields['channel_name'],
                'channel_name_len'          => mb_strwidth($result->fields['channel_name'],"UTF-8"),

                'm_id'                      => $result->fields['m_id'],
                'm_username'                => $result->fields['m_username'],
                'm_email'                   => $result->fields['m_email'],
                'm_card'                    => $result->fields['m_card'],
                'm_mg_type'                 => $result->fields['m_mg_type'],
                'm_mg_type_expired' => $result->fields['m_mg_type_expired'],
                'm_silver'                  => $result->fields['m_silver'],
                'm_point'                   => $result->fields['m_point'],
                'm_bonus'                   => $result->fields['m_bonus'],
                'm_pile1'                   => $result->fields['m_pile1'],
                'm_pile2'                   => $result->fields['m_pile2'],
                'm_pile3'                   => $result->fields['m_pile3'],
                'm_pile4'                   => $result->fields['m_pile4'],
                'm_pile5'                   => $result->fields['m_pile5'],
                'm_pile6'                   => $result->fields['m_pile6'],
                'm_time_created'            => $result->fields['m_time_created'],
                'm_time_lastvisit'          => $result->fields['m_time_lastvisit'],
                'm_cumulant_silver'         => $result->fields['m_cumulant_silver'],
                'm_cumulant_offer'          => $result->fields['m_cumulant_offer'],
                'm_cumulant_online'         => $result->fields['m_cumulant_online'],

                'md_mid'                    => $result->fields['md_mid'],
                'md_realname'               => $result->fields['md_realname'],
                'md_gender'                 => $result->fields['md_gender'],
                'md_birthday'               => $result->fields['md_birthday'],
                'md_address'                => $result->fields['md_address'],
                'md_postalcode'             => $result->fields['md_postalcode'],
                'md_telephone'              => $result->fields['md_telephone'],
                'md_mobile'                 => $result->fields['md_mobile'],
                'md_avatar_type'            => $result->fields['md_avatar_type'],
                'md_avatar_value'           => $result->fields['md_avatar_value'],
                'md_website'                => $result->fields['md_website'],
                'md_gtalk'                  => $result->fields['md_gtalk'],
                'md_msn'                    => $result->fields['md_msn'],
                'md_icq'                    => $result->fields['md_icq'],
                'md_qq'                     => $result->fields['md_qq'],
                'md_yahoo'                  => $result->fields['md_yahoo'],
                'md_bio'                    => $result->fields['md_bio'],
                'md_sign'                   => $result->fields['md_sign'],
                'md_last_post'              => $result->fields['md_last_post'],
                'md_total_topic'            => $result->fields['md_total_topic'],
                'md_total_reply'            => $result->fields['md_total_reply'],
                'md_total_elite'            => $result->fields['md_total_elite'],
                'md_remark'                 => $result->fields['md_remark'],

                'mg_id'                     => $result->fields['mg_id'],
                'mg_name'                   => $result->fields['mg_name'],
            );
        }
    }

    if( !preg_match("/^[1-9][0-9]{0,18}$/",$topic_info['id']) ){
        $sys->prompt("failed",$LANGUAGE['s']['reply']['topic_id_not_exist']."<!-- topic_id not exist -->");
    } elseif ($topic_info['if_del'] == "1") {
        $sys->prompt("failed",$LANGUAGE['s']['reply']['topic_id_already_del']."<!-- topic_id already del -->");
    } elseif( $topic_info['if_close'] == 1 || ($topic_info['if_close'] == 3 && $topic_info['if_close_begin'] < $sys->nowtime && $topic_info['if_close_end'] > $sys->nowtime) ){
        $sys->prompt("failed",$LANGUAGE['s']['reply']['topic_if_close_yes']."<!-- topic_if_close_yes -->");
    } elseif( !preg_match("/^[1-9][0-9]{0,10}$/",$topic_info['channel_id']) ){
        $sys->prompt("failed",$LANGUAGE['s']['reply']['channel_id_not_exist']."<!-- channel_id_not_exist -->");
    } else {
        $channel_info   = $sys->return_channel_info($topic_info['channel_id']);
        if ($channel_info['if_enable'] != "1") {
            $sys->prompt("failed",$LANGUAGE['s']['reply']['channel_id_not_enable']."<!-- channel_id not enable -->");
        } else {

            if ($ADMIN['ag_privilege']['topic'] == "1" || ($ADMIN['ag_privilege']['topic'] == "3" && $channel_info['channel_manage_admin_id'] != "")) {
                $ag_privilege_topic = "1";
            } else {
                $ag_privilege_topic = "2";
            }

            if ($ADMIN['ag_privilege']['channel_passinto'] == "1" || ($ADMIN['ag_privilege']['channel_passinto'] == "3" && $channel_info['channel_manage_admin_id'] != "")) {
                $ag_privilege_channel_passinto = "1";
            } else {
                $ag_privilege_channel_passinto = "2";
            }

            if ($ADMIN['ag_privilege']['channel_lockpost'] == "1" || ($ADMIN['ag_privilege']['channel_lockpost'] == "3" && $channel_info['channel_manage_admin_id'] != "")) {
                $ag_privilege_channel_lockpost = "1";
            } else {
                $ag_privilege_channel_lockpost = "2";
            }

            if ($ADMIN['ag_privilege']['channel_lockreply'] == "1" || ($ADMIN['ag_privilege']['channel_lockreply'] == "3" && $channel_info['channel_manage_admin_id'] != "")) {
                $ag_privilege_channel_lockreply = "1";
            } else {
                $ag_privilege_channel_lockreply = "2";
            }

            if ($ADMIN['ag_privilege']['channel_lockedit'] == "1" || ($ADMIN['ag_privilege']['channel_lockedit'] == "3" && $channel_info['channel_manage_admin_id'] != "")) {
                $ag_privilege_channel_lockedit = "1";
            } else {
                $ag_privilege_channel_lockedit = "2";
            }

            if ($ADMIN['ag_privilege']['channel_lockdel'] == "1" || ($ADMIN['ag_privilege']['channel_lockdel'] == "3" && $channel_info['channel_manage_admin_id'] != "")) {
                $ag_privilege_channel_lockdel = "1";
            } else {
                $ag_privilege_channel_lockdel = "2";
            }

            if( $MEMBER['mg_privilege']['if_forbidpost'] == "1" && $ag_privilege_topic != "1" ){
                $sys->prompt("failed",$LANGUAGE['s']['reply']['forbid_post']."<!-- forbid_post -->");
            } elseif( $channel_info['if_lock'] == "1" && $ag_privilege_topic != "1" && $ag_privilege_channel_lockreply != "1" ){
                $sys->prompt("failed",$LANGUAGE['s']['reply']['if_lock_yes']."<!-- if_lock_yes -->");
            } else {

                $sys->return_channel_current($topic_info['channel_id']);
                $trans_value    = $sys->return_trans_value($topic_info['channel_id'], $topic_info['id']);

                if( $sys->get['ope'] == "quote"){
                    $post_info      = func::db_select(DB_TABLE_POST, "*", "id=".$sys->get['post_id']." AND topic_id=".$sys->get['topic_id']);
                    $post_info      = $post_info[0];
                    if( !preg_match("/^[1-9][0-9]{0,18}$/",$post_info['id']) ){
                        $sys->prompt("failed",$LANGUAGE['s']['reply']['quote_post_id_not_exist']."<!-- post_id_not_exist -->");
                    } else {
                        $t->assign(array(
                            "post_info"      => $post_info,
                        ));
                        $quote_path = $sys->return_post_quote_path($post_info['id']);
                    }
                }
                
                $attach_list            = "attach_list";
                $attach_type            = "add";
                $attach_where           = $MEMBER['id'];
                $attach_table           = DB_TABLE_POST_ATTACH;
                $attach_dir             = $SETTING['dir_post_attach'];
                list($attach_list_result, $attach_list_result_js) = $sys->return_post_attach_list($attach_list,$attach_type,$attach_where,$attach_table,$attach_dir);
                $attach_list_result_js  = trim($attach_list_result_js);
                if (!empty($attach_list_result_js)) {
                    $attach_list_result     = $attach_list_result."\n<script type=\"text/javascript\">\n<!-- \n".$attach_list_result_js."\n //-->\n</script>\n";
                }

                $t->assign(array(
                    "attach_list_result"    => $attach_list_result,
                ));
                
                // attach ajax
                function upload_submit($form,$action,$prompt)  
                {
                    global $LANGUAGE,$LANGLIST,$SETTING,$setting_attach;
                    $ajax_response = new xajaxResponse();
                    $ajax_response->assign($prompt, "innerHTML", "<img src=\"".$SETTING['dir_images']."/loading.gif\" border=\"0\" align=\"absmiddle\" />");
                    $ajax_response->remove($form."_upload_target");
                    $ajax_response->append($prompt, "innerHTML", "<iframe id=\"".$form."_upload_target\" name=\"".$form."_upload_target\" width=\"0\" height=\"0\" scrolling=\"no\" frameborder=\"0\" src=\"about:blank\" style=\"display:none;\"></iframe>");
                    $ajax_response->assign($form,"action",$action);
                    $ajax_response->assign($form,"target",$form."_upload_target");
                    $ajax_response->script("document.".$form.".submit();");
                    return $ajax_response;
                }
                $bwajax->register(XAJAX_FUNCTION, "upload_submit");
                function attach_upload_return($state,$type,$search,$form,$file_input,$input_value,$submit,$list,$detail_input,$prompt,$msg)
                {
                    global $LANGUAGE,$LANGLIST,$SETTING,$MEMBER,$MEMBER,$setting_attach,$sys;
                    $ajax_response = new xajaxResponse();
                    $ajax_response->assign($form,"action","javascript:void(null);");
                    $ajax_response->assign($form,"target","_self");

                    if ($state == "1") {
                        $ajax_response->assign($detail_input, "value", "");
                        $ajax_response->assign($file_input, "innerHTML", $input_value);
                    }

                    $attach_list    = $list;
                    $attach_type    = "add";
                    $attach_where   = $search;
                    $attach_table   = DB_TABLE_POST_ATTACH;
                    $attach_dir     = $SETTING['dir_post_attach'];
                    list($file_str, $file_str_js) = $sys->return_post_attach_list($attach_list,$attach_type,$attach_where,$attach_table,$attach_dir);

                    $ajax_response->assign($list,"innerHTML",$file_str);
                    $ajax_response->script($file_str_js);

                    $ajax_response->assign($prompt, "innerHTML", $msg);
                    $ajax_response->assign($submit,"disabled",false);
                    return $ajax_response;
                }
                $bwajax->register(XAJAX_FUNCTION, "attach_upload_return");
                function attach_get($type,$search,$file_input,$file,$submit,$list,$detail_input,$brief,$prompt)
                {
                    global $LANGUAGE,$LANGLIST,$SETTING,$MEMBER,$MEMBER,$setting_attach,$sys;
                    $ajax_response = new xajaxResponse();
                    //$ajax_response->alert(print_r($value['brief'], true)); return $ajax_response;

                    $attach_filetype = explode(",",$setting_attach['type']);
                    if (empty($file)) {
                        $ajax_response->assign($prompt, "innerHTML", "<span class=\"prompt_failed\">".$LANGUAGE['s']['reply']['attach_get_url_empty']."</span>");
                        $ajax_response->assign($submit,"disabled",false);
                    }else{
                        preg_match("/([^\/.]*)\.[^\/.]*$/", $file, $name_primal); $name_primal = $name_primal[1]; 
                        preg_match("/[^\/.]*(\.[^\/.]*)$/", $file, $name_extend); $name_extend = $name_extend[1];
                        if (empty($name_primal)) {
                            $ajax_response->assign($prompt, "innerHTML", "<span class=\"prompt_failed\">".$LANGUAGE['s']['reply']['attach_get_name_failed']."</span>");
                            $ajax_response->assign($submit,"disabled",false);
                        } elseif (!preg_match("/[a-z0-9\.]{1,9}/i", $name_extend) || !in_array($name_extend, $attach_filetype)) {
                            $ajax_response->assign($prompt, "innerHTML", "<span class=\"prompt_failed\">".$LANGUAGE['s']['reply']['attach_get_type_error']."<!-- file type error --></span>");
                            $ajax_response->assign($submit,"disabled",false);
                        } else{
     
                            $result_state = "1";
                            $brief = empty($brief) ? func::str_cut($name_primal.$name_extend, 0, $setting_attach['brief_length']) : $brief;

                            $member_id = $search;
                            if (!preg_match("/^[1-9][0-9]*$/",$member_id)){
                                $result_state = "0";
                                $ajax_response->assign($prompt, "innerHTML", "<span class=\"prompt_failed\">".$LANGUAGE['s']['reply']['attach_get_post_id_error']."<!-- member_id error --></span>");
                                $ajax_response->assign($submit,"disabled",false);
                            } elseif (func::db_count_record(DB_TABLE_POST_ATTACH, "post_id=0 AND member_id=".$member_id) >= $setting_attach['number']){
                                $result_state = "0";
                                $ajax_response->assign($prompt, "innerHTML", "<span class=\"prompt_failed\"".sprintf($LANGUAGE['s']['reply']['attach_get_total_full'],$setting_attach['number'])."<!-- number error --></span>");
                                $ajax_response->assign($submit,"disabled",false);
                            } elseif (mb_strwidth($brief,"UTF-8") > $setting_attach['brief_length']){
                                $result_state = "0";
                                $ajax_response->assign($prompt, "innerHTML", "<span class=\"prompt_failed\">".sprintf($LANGUAGE['s']['reply']['attach_get_brief_full'],$setting_attach['brief_length'])."<!-- brief error --></span>");
                                $ajax_response->assign($submit,"disabled",false);
                            } else {
                                $dir    = $setting_attach['dir'];
                                $path   = $SETTING['dir_post_attach']."/".$dir;

                                $filename       = "";
                                $file_notexists = false;
                                while($file_notexists === false){
                                    $name_base = func::return_lenstr(sha1($name_primal.microtime()),$setting_attach['length']);
                                    $filename = $name_base.$name_extend;
                                    if(!file_exists($target_dir.$filename)) {
                                        $file_notexists = true;
                                    }
                                }

                                if (!file_exists($path)) { func::make_dir($path); }
                                if (!@copy($file, $path.$filename)) {
                                    $result_state = "0";
                                    $ajax_response->assign($prompt, "innerHTML", "<span class=\"prompt_failed\">".$LANGUAGE['s']['reply']['attach_get_file_failed']."<!-- copy error --></span>");
                                    $ajax_response->assign($submit,"disabled",false);
                                } else {
                                    $sql_data = array(
                                        "brief"             => "'".addslashes($brief)."'",
                                        "dir"               => "'".$dir."'",
                                        "filename"          => "'".$filename."'",
                                        "post_id"           => "'0'",
                                        "member_id"          => "'".(int)$MEMBER['id']."'",
                                        "time"              => $sys->nowtime,
                                        "down"              => "0",
                                    );
                                    $result = func::db_insert(DB_TABLE_POST_ATTACH, $sql_data);
                                    if (!$result) {
                                        if (file_exists($path.$filename)) {
                                            @chmod($path.$filename, $SETTING['chmod_mode_file']);
                                            @unlink($path.$filename);
                                        }
                                        $result_state = "0";
                                        $ajax_response->assign($prompt, "innerHTML", "<span class=\"prompt_failed\">".$LANGUAGE['s']['reply']['attach_get_updatedb_failed']."<!-- db update error --></span>");
                                        $ajax_response->assign($submit,"disabled",false);
                                    }
                                }
                            }

                            if ($result_state == "1"){

                                $attach_list    = $list;
                                $attach_type    = "add";
                                $attach_where   = $search;
                                $attach_table   = DB_TABLE_POST_ATTACH;
                                $attach_dir     = $SETTING['dir_post_attach'];
                                list($file_str, $file_str_js) = $sys->return_post_attach_list($attach_list,$attach_type,$attach_where,$attach_table,$attach_dir);

                                $ajax_response->assign($list,"innerHTML",$file_str);
                                $ajax_response->script($file_str_js);

                                $ajax_response->assign($file_input, "value", "");
                                $ajax_response->assign($detail_input, "value", "");
                                $ajax_response->assign($prompt, "innerHTML", "<span class=\"prompt_succeed\">".$LANGUAGE['s']['reply']['attach_get_file_succeed']."<!-- get file succeed --></span>");
                            }

                            $ajax_response->assign($submit,"disabled",false);
                        }
                    }
                    return $ajax_response;
                }
                $bwajax->register(XAJAX_FUNCTION, "attach_get");
                function attach_del($type,$search,$del,$list)
                {
                    global $LANGUAGE,$LANGLIST,$SETTING,$MEMBER,$MEMBER,$setting_attach,$sys;
                    $ajax_response = new xajaxResponse();

                    $result_state = "1";

                    $member_id = $search;
                    if (!preg_match("/^[1-9][0-9]*$/",$member_id)){
                        $result_state = "0";
                        $ajax_response->assign($prompt, "innerHTML", "<span class=\"prompt_failed\">".$LANGUAGE['s']['reply']['attach_del_post_id_error']."<!-- member_id error --></span>");
                        $ajax_response->assign($submit,"disabled",false);
                    } else {
                        if (!preg_match("/^[1-9][0-9]*$/",$del)){
                            $result_state = "0";
                            $ajax_response->assign($prompt, "innerHTML", "<span class=\"prompt_failed\">".$LANGUAGE['s']['reply']['attach_del_attach_id_error']."<!-- del error --></span>");
                            $ajax_response->assign($submit,"disabled",false);
                        } else {
                            $filelist = func::db_select(DB_TABLE_POST_ATTACH, "*", "id=".$del, "", "id DESC");
                            $file_value = $filelist[0];
                            if (!empty($file_value['dir'])){
                                $dir    = $file_value['dir'];
                                $path   = $SETTING['dir_post_attach']."/".$dir;
                                if (!empty($file_value['filename'])){
                                    if (file_exists($path.$filelist[0]['filename'])) {
                                        @chmod($path.$file_value['filename'], $SETTING['chmod_mode_file']);
                                        @unlink($path.$file_value['filename']);
                                    }
                                }
                            }
                            $result = func::db_delete(DB_TABLE_POST_ATTACH,  "id=".$file_value['id']);
                            if (!$result) {
                                $result_state = "0";
                                $ajax_response->assign($prompt, "innerHTML", "<span class=\"prompt_failed\">".$LANGUAGE['s']['reply']['attach_del_updatedb_failed']."<!-- db update error --></span>");
                                $ajax_response->assign($submit,"disabled",false);
                            }
                        }
                    }

                    if ($result_state == "1"){
                        $attach_list    = $list;
                        $attach_type    = "add";
                        $attach_where   = $search;
                        $attach_table   = DB_TABLE_POST_ATTACH;
                        $attach_dir     = $SETTING['dir_post_attach'];
                        list($file_str, $file_str_js) = $sys->return_post_attach_list($attach_list,$attach_type,$attach_where,$attach_table,$attach_dir);
                        
                        $ajax_response->assign($list,"innerHTML",$file_str);
                        $ajax_response->script($file_str_js);
                    }

                    return $ajax_response;
                }
                $bwajax->register(XAJAX_FUNCTION, "attach_del");
                function set_value_onfocus($name, $id, $value, $type="text", $maxlength="255", $style="")
                {
                    global $SETTING, $LANGUAGE, $MEMBER, $ADMIN, $db, $sys, $select_option;
                    $ajax_response = new xajaxResponse();
                    if (!empty($style)) { $style = "style=\"".$style."\""; }

                    if ($type == "text") {
                        $result = '<input type="text" id="'.$name.'_'.$id.'_input" name="'.$name.'_'.$id.'_input" value="'.$value.'" maxlength="'.$maxlength.'" size="6" class="input" '.$style.' onblur="xajax_set_value_onblur(\''.$name.'\', \''.$id.'\', this.value);">';
                        $ajax_response->assign($name.'_'.$id, "innerHTML", $result);
                        $ajax_response->script("$('#".$name."_".$id."_input').focus();");
                    } elseif($type == "textarea") {
                        $result = '<textarea id="'.$name.'_'.$id.'_input" name="'.$name.'_'.$id.'_input" rows="1" cols="6" class="textarea" '.$style.' onblur="xajax_set_value_onblur(\''.$name.'\', \''.$id.'\',  this.value);">'.$value.'</textarea>';
                        $ajax_response->assign($name.'_'.$id, "innerHTML", $result);
                        $ajax_response->script("$('#".$name."_".$id."_input').focus();");
                    } elseif ($type == "textarea_resize") {
                        $result = '<textarea id="'.$name.'_'.$id.'_input" name="'.$name.'_'.$id.'_input" rows="1" cols="6" class="textarea" '.$style.' onblur="xajax_set_value_onblur(\''.$name.'\', \''.$id.'\', this.value);">'.$value.'</textarea>';
                        $ajax_response->assign($name.'_'.$id, "innerHTML", $result);
                        $ajax_response->script("$('#".$name."_".$id."_input').resizable({ autohide: true, minWidth: 200, minHeight: 100,  maxWidth: 800, maxHeight: 600 });");
                        $ajax_response->script("$('#".$name."_".$id."_input').focus();");
                    } elseif($type == "checkbox") {
                        $checked = $value == "1" ? "checked" : "";
                        $result = '<input type="checkbox" id="'.$name.'_'.$id.'_input" name="'.$name.'_'.$id.'_input" value="1" '.$checked.' class="checkbox" '.$style.' onblur="xajax_set_value_onblur(\''.$name.'\', \''.$id.'\', this.checked == true ? 1 : 2);">';
                        $ajax_response->assign($name.'_'.$id, "innerHTML", $result);
                        $ajax_response->script("$('#".$name."_".$id."_input').focus();");
                    }
                    return $ajax_response;
                }
                $bwajax->register(XAJAX_FUNCTION, "set_value_onfocus");
                function set_value_onblur($name, $id, $value="")
                {
                    global $SETTING, $LANGUAGE, $ASESSION, $ADMIN, $db, $sys, $setting_attach;
                    $ajax_response = new xajaxResponse();
                    $if_error   = false;
                    $error_msg  = array();

                    // check
                    if ($name == "brief") {
                        if (mb_strwidth($value,"UTF-8") > $setting_attach['brief_length']){
                            $if_error       = true;
                            $error_msg[]    = sprintf($LANGUAGE['s']['reply']['attach_brief_full'],$setting_attach['brief_length']);
                        }
                    }

                    // update
                    if (!$if_error) {
                        $sql = "UPDATE ".DB_TABLE_POST_ATTACH." SET
                                    ".$name."   = '".addslashes($value)."'
                                WHERE id='".$id."'";
                        $result = $db->Execute($sql);
                        if (!$result) {
                            $if_error       = true;
                            $error_msg[]    = $db->ErrorMsg();
                        }
                    }

                    // select and set hidden value
                    if (!$if_error) {
                        $sql = "SELECT *
                                FROM ".DB_TABLE_POST_ATTACH."
                                WHERE id='".$id."'";
                        $result = $db->Execute($sql);
                        if (!$result) {
                            $if_error       = true;
                            $error_msg[]    = $db->ErrorMsg();
                        } else {
                            $ajax_response->assign($name."_".$id."_value", "value", $result->fields[$name]);
                        }
                    }

                    // show new
                    if (!$if_error) {
                        if ($result->fields['post_id'] == "0") {
                            $ajax_response->assign($name."_".$id, "innerHTML", "<a href=\"".$CONFIGURE['common']['control_index']."?act=attach&attach_id=".$result->fields['id']."\" target=\"_blank\">".$result->fields[$name]."</a>");
                        } else {
                            $ajax_response->assign($name."_".$id, "innerHTML", "<a href=\"".$CONFIGURE['common']['control_index']."?act=attach&post_id=".$result->fields['post_id']."&attach_id=".$result->fields['id']."\" target=\"_blank\">".$result->fields[$name]."</a>");
                        }
                    }

                    // alert error
                    if ($if_error) {
                        $ajax_response->alert($LANGUAGE['s']['reply']['error_msg_array']."\n- ".implode("\n- ", $error_msg));
                    }
                    return $ajax_response;
                }
                $bwajax->register(XAJAX_FUNCTION, "set_value_onblur");
                //////
                // form post ajax
                function submit_reply($value, $button_submit)
                {
                    global $SETTING,$LANGUAGE,$CONFIG,$CONFIGURE,$SESSION,$PROMPT,$MEMBER,$db,$sys,$c,$trans_value,$channel_info,$topic_info,$post_info,$quote_path,$icon_topic_list;
                    $ajax_response = new xajaxResponse();
                    $error = false;
                    //$ajax_response->alert(print_r($value, true)); $ajax_response->assign($button_submit,"disabled",false); return $ajax_response;

                    // check the avatar
                    if (empty($value['content'])) {
                        $error = true;
                        $ajax_response->assign("content_return", "innerHTML", "<span class=\"prompt_failed\">".$LANGUAGE['s']['reply']['content_empty']."</span>");
                    } elseif (mb_strlen($value['content'], "utf-8") > $CONFIG['max_reply_content']) {
                        $error = true;
                        $ajax_response->assign("content_return", "innerHTML", "<span class=\"prompt_failed\">".sprintf($LANGUAGE['s']['reply']['content_error'],$CONFIG['max_reply_content'])."</span>");
                    } else {
                        $ajax_response->assign("content_return", "innerHTML", "");
                    }

                    if($error){
                        $ajax_response->assign($button_submit,"value",$LANGUAGE['s']['reply']['submit_reply']);
                        $ajax_response->assign($button_submit,"disabled",false);
                    }else{
                        if( $sys->get['ope'] == "quote"){
                            $sql_quote = "quote_id = '".$post_info['id']."', quote_path='".addslashes(implode(",", $quote_path))."', ";
                        }

                        $config_list = func::db_select(DB_TABLE_CONFIG, "name,value", "name='censor_post'");
                        if (!empty($config_list)) {
                            foreach($config_list as $v){
                                $CONFIG[$v['name']] = trim($v['value']);
                            }
                        }
                        $str_search = preg_match_all('/(.*)=/i', $CONFIG['censor_post'], $matches);
                        $str_search = $matches[1];
                        $str_replace = preg_match_all('/=(.*)/i', $CONFIG['censor_post'], $matches);
                        $str_replace = $matches[1];
                        for($i=0; $size=count($str_search),$i<$size;$i++) {
                            $value['content'] = eregi_replace($str_search[$i], $str_replace[$i], $value['content']);
                        }

                        if ( $channel_info['if_face'] == "1" && $value['if_face'] == "1") {
                                $value['if_face'] = "1";
                        } else {
                                $value['if_face'] = "2";
                        }
                        if ( $channel_info['if_bbcode'] == "1" && $value['if_bbcode'] == "1") {
                                $value['if_bbcode'] = "1";
                        } else {
                                $value['if_bbcode'] = "2";
                        }
                        if ( $channel_info['if_url'] == "1" && $value['if_url'] == "1") {
                                $value['if_url'] = "1";
                        } else {
                                $value['if_url'] = "2";
                        }
                        if ( $channel_info['if_html'] == "1" && $value['if_html'] == "1") {
                                $value['if_html'] = "1";
                        } else {
                                $value['if_html'] = "2";
                        }
                        $sql = "INSERT INTO ".DB_TABLE_POST." SET
                                    topic_id                = '".$topic_info['id']."',
                                    content                 = '".addslashes($value['content'])."',
                                    ".$sql_quote."
                                    post_mid                = '".$MEMBER['id']."',
                                    post_musername          = '".$MEMBER['username']."',
                                    post_ip                 = '".func::return_ip()."',
                                    post_time               = ".$sys->nowtime.",
                                    modify_mid              = '0',
                                    modify_musername       = '',
                                    modify_ip               = '',
                                    modify_time             = '0',
                                    if_face                 = ".$value['if_face'].",
                                    if_bbcode               = ".$value['if_bbcode'].",
                                    if_url                  = ".$value['if_url'].",
                                    if_html                 = ".$value['if_html'].",
                                    floor                   = '0',
                                    rank                    = ".$sys->nowtime."";
                        $result = $db->Execute($sql);
                        if (!$result) {
                            $ajax_response->alert($db->ErrorMsg());
                        }else{
                            $post_id = $db->Insert_ID();
                            $sql_data = array(
                                "post_id"  => "".$post_id."",
                            );
                            $result = func::db_update(DB_TABLE_POST_ATTACH, $sql_data, "post_id=0 AND member_id=".(int)$MEMBER['id']."");
                            $floor_last = func::db_select(DB_TABLE_POST, "floor", "topic_id=".$topic_info['id']." AND floor!=0", "1", "rank DESC,id DESC");
                            $floor_last =  $floor_last[0]['floor'];
                            $floor_update = func::db_select(DB_TABLE_POST, "id", "topic_id=".$topic_info['id']." AND floor=0", "", "rank,id");
                            if (!empty($floor_update)) {
                                foreach ($floor_update as $v) {
                                    $sql_data = array(
                                        "floor" => $floor_last."+1",
                                    );
                                    $result = func::db_update(DB_TABLE_POST, $sql_data, "id=".(int)$v['id']."");
                                    if (!$result) {
                                        $ajax_response->alert($LANGUAGE['s']['reply']['update_floor_error']);
                                    }
                                    $floor_last++;
                                }
                            }
                            $sql_data = array(
                                "last_mid"          => "".(int)$MEMBER['id']."",
                                "last_musername"    => "'".$MEMBER['username']."'",
                                "last_time"         => "".(int)$sys->nowtime."",
                                "last_pid"          => "".(int)$post_id."",
                                "number_reply"      => "number_reply+1",
                                "rank"              => "".$sys->nowtime."",
                            );
                            $result = func::db_update(DB_TABLE_TOPIC, $sql_data, "id=".(int)$topic_info['id']."");
                            if (!$result) {
                                $ajax_response->alert($LANGUAGE['s']['reply']['update_topic_error']);
                            }
                            $sql_data = array(
                                "number_total_post"         => "number_total_post+1",
                                "number_today_post"         => "number_today_post+1",
                                "last_post_id"              => "'".(int)$post_id."'",
                                "last_post_topic_id"        => "'".(int)$topic_info['id']."'",
                                "last_post_mid"             => "'".(int)$MEMBER['id']."'",
                                "last_post_musername"       => "'".$MEMBER['username']."'",
                                "last_post_time"            => "'".(int)$sys->nowtime."'",

                            );
                            $result = func::db_update(DB_TABLE_CHANNEL, $sql_data, "id=".(int)$topic_info['channel_id']."");
                            if (!$result) {
                                $ajax_response->alert($LANGUAGE['s']['reply']['update_channel_error']);
                            }

                            $sql_data = array(
                                "last_post"           => "'".(int)$post_id."'",
                                "total_reply"         => "total_reply+1",
                            );
                            $result = func::db_update(DB_TABLE_MEMBER_DETAIL, $sql_data, "mid=".(int)$MEMBER['id']."");
                            if (!$result) {
                                $ajax_response->alert($LANGUAGE['s']['reply']['update_member_detail_error']);
                            }

                            if ((int)$MEMBER['point'] > (int)$CONFIG['point_group']['point_min']) {
                                $sql_data = array(
                                    "point"           => "point+".(int)$CONFIG['point_group']['topic_reply'],
                                );
                                $result = func::db_update(DB_TABLE_MEMBER, $sql_data, "id=".(int)$MEMBER['id']."");
                                if (!$result) {
                                    $ajax_response->alert($LANGUAGE['s']['reply']['update_member_point_topic_reply_error']);
                                }
                            }
                            $ajax_response->redirect($CONFIGURE['common']['control_index']."?act=topic&topic_id=".$topic_info['id']."&post_id=".$post_id."&#pid_".$post_id);
                        }
                    }
                    return $ajax_response;
                }
                $bwajax->register(XAJAX_FUNCTION, "submit_reply");

                if($sys->get['ope'] == "saveattach_upload"){
                    $bwupload->lang_msg = array(
                        '0'             => $LANGUAGE['s']['_public']['lib_class_bwupload_class']['0'],
                        '1'             => $LANGUAGE['s']['_public']['lib_class_bwupload_class']['1'],
                        '2'             => $LANGUAGE['s']['_public']['lib_class_bwupload_class']['2'],
                        '3'             => $LANGUAGE['s']['_public']['lib_class_bwupload_class']['3'],
                        '4'             => $LANGUAGE['s']['_public']['lib_class_bwupload_class']['4'],
                        '6'             => $LANGUAGE['s']['_public']['lib_class_bwupload_class']['6'],
                        '7'             => $LANGUAGE['s']['_public']['lib_class_bwupload_class']['7'],
                        '8'             => $LANGUAGE['s']['_public']['lib_class_bwupload_class']['8'],
                        'invalid'       => $LANGUAGE['s']['_public']['lib_class_bwupload_class']['invalid'],
                        'error_size'    => $LANGUAGE['s']['_public']['lib_class_bwupload_class']['error_size'],
                        'error_type'    => $LANGUAGE['s']['_public']['lib_class_bwupload_class']['error_type'],
                        'upload_failed' => $LANGUAGE['s']['_public']['lib_class_bwupload_class']['upload_failed'],
                        'error_empty'   => $LANGUAGE['s']['_public']['lib_class_bwupload_class']['error_empty'],
                    );
                    $bwupload->set_size($setting_attach['size']);
                    $bwupload->set_type($setting_attach['type']);

                    $result_state   = "1";
                    $error_msg      = "";

                    $member_id = $MEMBER['id'];
                    if (!preg_match("/^[1-9][0-9]*$/",$member_id)){
                        $result_state = "0";
                        $error_msg = $LANGUAGE['s']['reply']['saveattach_upload_post_id_error']."<!-- post_id error -->";
                    } elseif (func::db_count_record(DB_TABLE_POST_ATTACH, "post_id=0 AND member_id=".$member_id) >= $setting_attach['number']){
                        $result_state = "0";
                        $error_msg = sprintf($LANGUAGE['s']['reply']['saveattach_upload_total_full'],$setting_attach['number'])."<!-- number error -->";
                    } elseif (mb_strwidth($_POST['attach_brief'],"UTF-8") > $setting_attach['brief_length']){
                        $result_state = "0";
                        $error_msg = sprintf($LANGUAGE['s']['reply']['saveattach_upload_brief_full'],$setting_attach['brief_length'])."<!-- brief error -->";
                    } else {
                        $dir    = $setting_attach['dir'];
                        $path   = $SETTING['dir_post_attach']."/".$dir;
                        if (!file_exists($path)) { func::make_dir($path); }

                        if( !$bwupload->upload_file($path,"attach_upload") ){
                            $result_state = "0";
                            $error_msg = $bwupload->error_msg."<!-- upload error -->";
                        }else{
                            $result_state = $bwupload->proceed['attach_upload']['succeed'];
                            $error_msg = $bwupload->proceed['attach_upload']['error']."<!-- upload error message -->";
                            if ($result_state == "1") {
                                $brief = empty($_POST['attach_brief']) ? func::str_cut($bwupload->proceed['attach_upload']['name'], 0, $setting_attach['brief_length']) : $_POST['attach_brief'];
                                $sql_data = array(
                                    "brief"             => "'".addslashes($brief)."'",
                                    "dir"               => "'".$dir."'",
                                    "filename"          => "'".$bwupload->proceed['attach_upload']['result_name']."'",
                                    "post_id"           => "'0'",
                                    "member_id"          => "'".(int)$MEMBER['id']."'",
                                    "time"              => $sys->nowtime,
                                    "down"              => "0",
                                );
                                $result = func::db_insert(DB_TABLE_POST_ATTACH, $sql_data);
                                if (!$result) {
                                    if (file_exists($path.$bwupload->proceed['attach_upload']['result_name'])) {
                                        @chmod($path.$bwupload->proceed['attach_upload']['result_name'], $SETTING['chmod_mode_file']);
                                        @unlink($path.$bwupload->proceed['attach_upload']['result_name']);
                                    }
                                    $result_state = "0";
                                    $error_msg = $LANGUAGE['s']['reply']['saveattach_upload_updatedb_failed']."<!-- upload db attach_name error -->";
                                }
                            }
                        }
                    }
                    $CONFIGURE['common']['if_output_template'] = "0";
                    $prompt_style = $result_state == "1" ? "prompt_succeed" : "prompt_failed";
                    $bwjs->write("parent.xajax_attach_upload_return('".$result_state."',
                        'add',
                        '".$member_id."',
                        'post_add',
                        'attach_upload_input',
                        '<input type=\"file\" id=\"attach_upload\" name=\"attach_upload\" size=\"12\" style=\"width:140px;\" class=\"input\" onchange=\"xajax_attach_showselect(\'attach_select\',\'attach_upload_prompt\',this.value)\" />',
                        'attach_upload_submit',
                        'attach_list',
                        'attach_brief',
                        'attach_upload_prompt',
                        '<span class=\"".$prompt_style."\">".$error_msg."</span>');");
                }
                $t->assign(array(
                    "channel_info"      => $channel_info,
                    "channel_current"   => $sys->channel_current,
                    "topic_info"        => $topic_info,
                    "trans_value"       => $trans_value,
                    "setting_attach"    => $setting_attach,
                ));
            }
        }
    }
}
if (!empty($sys->channel_current)) { 
    foreach($sys->channel_current as $v){
        $public_var['page_place'][] = $v['name'];
        $public_var['page_keyword'] = array_merge((array)$public_var['page_keyword'], array_filter(preg_split("/[\s,]+/", $v['keyword'])));
    }
}
$public_var['page_place'][] = $topic_info['subject']; 
$public_var['page_place'][] = $LANGUAGE['s']['reply']['page_place'];
?>
